Lucene search
K

7 matches found

EUVD
EUVD
added 2026/03/23 9:30 p.m.5 views

EUVD-2026-14521

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...

5.1CVSS6AI score0.00296EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/12/19 9:14 p.m.8 views

CVE-2025-34425

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the WindowContext parameter of /Mondo/lang/sys/Forms/MAI/compose.aspx. The WindowContext value is not properly sanitized when processed via a GET request and is reflected within a...

6.1CVSS5.8AI score0.00344EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 5:2 p.m.5 views

CVE-2025-34420

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAM.DLL from its installation directory without sufficient integrity validation or a secure search order. A...

8.5CVSS7.3AI score0.0015EPSS
Exploits0References1
CVE
CVE
added 2025/12/10 4:8 p.m.38 views

CVE-2025-34424

MailEnable (Windows) versions prior to 10.54 are affected by an unsafe DLL loading issue where the administrative executable loads MEAIDP.DLL from the installation directory without proper integrity checks or a secure search order. This allows a local attacker with write access to that directory ...

8.5CVSS7AI score0.00147EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.6 views

MailEnable 代码问题漏洞

MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...

8.5CVSS6.1AI score0.0017EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/09 6:9 p.m.27 views

CVE-2025-34401 MailEnable < 10.54 Reflected XSS in FieldBcc Parameter of AddressBook.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldBcc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variab...

5.3CVSS0.00336EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/09 6:9 p.m.4 views

EUVD-2025-202190

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldBcc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variab...

6.1CVSS5.3AI score0.00336EPSS
Exploits0References4
Rows per page
Query Builder